返回 CVE 浏览器

CVE-2002-0267

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.1510%

EPSS Percentile8.96th

Published2002年5月29日

Last Modified2026年4月16日

Vulnerability Description

preferences.php in Simple Internet Publishing System (SIPS) before 0.3.1 allows remote attackers to gain administrative privileges via a linebreak in the "theme" field followed by the Status::admin command, which causes the Status line to be entered into the password file.

Affected Platforms (CPE)

📦

Sips

Sips

= 0.2.4

📦

Sips

Sips

= 0.3.0

📦

Sips

Sips

= 0.3.0pl1

📦

Sips

Sips

= 0.3.0pl2

References & Advisories

🔗 http://marc.info/?l=bugtraq&m=101363233905645&w=2

🔗 http://sips.sourceforge.net/adminvul.html

🔗 http://www.iss.net/security_center/static/8193.php

🔗 http://www.securityfocus.com/bid/4097

🔗 http://marc.info/?l=bugtraq&m=101363233905645&w=2

🔗 http://sips.sourceforge.net/adminvul.html

🔗 http://www.iss.net/security_center/static/8193.php

🔗 http://www.securityfocus.com/bid/4097

相关漏洞威胁

CVE-2002-066710.0

Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 has a default null administrator password, which could allow r...

CVE-2002-221810.0

CRLF injection vulnerability in the setUserValue function in sipssys/code/site.inc.php in Haakon Nilsen simple, integrated publish...

CVE-2000-124110.0

Unspecified vulnerability in Haakon Nilsen simple, integrated publishing system (SIPS) before 0.2.4 has an unknown impact and atta...

CVE-2007-074610.0

Heap-based buffer overflow in the VideoConference framework in Apple Mac OS X 10.3.9 through 10.4.9 allows remote attackers to exe...